Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2018-14553

NULL Pointer Dereference

Published: Feb 11, 2020 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
7.4 LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
Ubuntu
LOW
Vulnerability-free packages from our partners
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2018-14553
CWEhttps://cwe.mitre.org/data/definitions/476.html

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

Name Vendor Start Version End Version
Libgd Libgd 2.1.1 (including) 2.2.5 (including)
Libgd Libgd 2.1.0 (including) 2.1.0 (including)
Libgd Libgd 2.1.0-rc2 (including) 2.1.0-rc2 (including)
Red Hat Enterprise Linux 8 RedHat gd-0:2.2.5-7.el8 *
Doxygen Ubuntu devel *
Doxygen Ubuntu esm-apps/focal *
Doxygen Ubuntu esm-apps/jammy *
Doxygen Ubuntu esm-apps/noble *
Doxygen Ubuntu focal *
Doxygen Ubuntu groovy *
Doxygen Ubuntu hirsute *
Doxygen Ubuntu impish *
Doxygen Ubuntu jammy *
Doxygen Ubuntu kinetic *
Doxygen Ubuntu lunar *
Doxygen Ubuntu mantic *
Doxygen Ubuntu noble *
Doxygen Ubuntu oracular *
Doxygen Ubuntu plucky *
Doxygen Ubuntu questing *
Doxygen Ubuntu trusty *
Libgd2 Ubuntu bionic *
Libgd2 Ubuntu devel *
Libgd2 Ubuntu eoan *
Libgd2 Ubuntu esm-infra-legacy/trusty *
Libgd2 Ubuntu esm-infra/bionic *
Libgd2 Ubuntu esm-infra/focal *
Libgd2 Ubuntu esm-infra/xenial *
Libgd2 Ubuntu focal *
Libgd2 Ubuntu groovy *
Libgd2 Ubuntu hirsute *
Libgd2 Ubuntu impish *
Libgd2 Ubuntu jammy *
Libgd2 Ubuntu kinetic *
Libgd2 Ubuntu lunar *
Libgd2 Ubuntu mantic *
Libgd2 Ubuntu noble *
Libgd2 Ubuntu oracular *
Libgd2 Ubuntu plucky *
Libgd2 Ubuntu questing *
Libgd2 Ubuntu trusty *
Libgd2 Ubuntu trusty/esm *
Libgd2 Ubuntu xenial *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use